Hi Nick, Following your guidance, I made some modifications to the the header module, having it look for another header and make that available as a token, but failed to get the session id for the record name. Is there anything else I should do?
Thanks, Yang > On Apr 27, 2020, at 17:30, Yang Yang <[email protected]> wrote: > > Hi Nick, > > I failed to get session id from http header “SessionID” with settings > “http-session-id-header: SessionID” in guacamole.properties. Changes I made > to guacamole-auth-header extension is as below. Is there anything else I > missed? With record name set to ${HHEADER_SESSION_ID}-${GUAC_USERNAME}, I can > get the correct user name in the record name, as > ${HHEADER_SESSION_ID}-guacadmin.1. > > ############# > diff -Naur > guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java > > guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java > --- > guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java > 2019-06-24 07:13:11.000000000 +0800 > +++ > guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java > 2020-04-26 21:34:04.715403123 +0800 > @@ -21,12 +21,15 @@ > > import com.google.inject.Inject; > import com.google.inject.Provider; > +import java.util.Map; > +import java.util.HashMap; > import javax.servlet.http.HttpServletRequest; > import org.apache.guacamole.GuacamoleException; > import org.apache.guacamole.net.auth.Credentials; > import org.apache.guacamole.net.auth.credentials.CredentialsInfo; > import > org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException; > import org.apache.guacamole.auth.header.user.AuthenticatedUser; > +import org.apache.guacamole.token.TokenName; > import java.security.Principal; > > /** > @@ -34,6 +37,10 @@ > * AuthenticationProvider implementation. > */ > public class AuthenticationProviderService { > + /** > + * The prefix to use when getting http header attribute token. > + */ > + public static final String HTTP_HEADER_ATTRIBUTE_TOKEN_PREFIX = > "HHEADER_"; > > /** > * Service for retrieving header configuration information. > @@ -68,13 +75,26 @@ > // Pull HTTP header from request if present > HttpServletRequest request = credentials.getRequest(); > if (request != null) { > + Map<String, String> tokens = new HashMap<>(); > + > + // Get the session id from the header configured in > guacamole.properties > + String session_id = > request.getHeader(confService.getHttpSessionIdHeader()); > + > + if (session_id != null) { > + // Pass session_id to gucamole server as a custom token > + String tokenName = TokenName.canonicalize("SESSION_ID", > + HTTP_HEADER_ATTRIBUTE_TOKEN_PREFIX); > + Object value = session_id; > + if (value != null) > + tokens.put(tokenName, value.toString()); > + } > > // Get the username from the header configured in > guacamole.properties > String username = > request.getHeader(confService.getHttpAuthHeader()); > > if (username != null) { > AuthenticatedUser authenticatedUser = > authenticatedUserProvider.get(); > - authenticatedUser.init(username, credentials); > + authenticatedUser.init(username, credentials, tokens); > return authenticatedUser; > } > > diff -Naur > guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java > > guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java > --- > guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java > 2019-06-24 07:13:11.000000000 +0800 > +++ > guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java > 2020-04-26 21:18:44.196791822 +0800 > @@ -54,4 +54,22 @@ > ); > } > > + /** > + * Returns the header of the HTTP server as configured with > + * guacamole.properties used for HTTP session id. > + * By default, this will be "SESSION_ID". > + * > + * @return > + * The header used for HTTP session id, as configured with > + * guacamole.properties. > + * > + * @throws GuacamoleException > + * If guacamole.properties cannot be parsed. > + */ > + public String getHttpSessionIdHeader() throws GuacamoleException { > + return environment.getProperty( > + HTTPHeaderGuacamoleProperties.HTTP_SESSION_ID_HEADER, > + "SESSION_ID" > + ); > + } > } > diff -Naur > guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java > > guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java > --- > guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java > 2019-06-24 07:13:11.000000000 +0800 > +++ > guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java > 2020-04-26 21:19:33.462203886 +0800 > @@ -45,4 +45,13 @@ > > }; > > + /** > + * The header used for HTTP header session id. > + */ > + public static final StringGuacamoleProperty HTTP_SESSION_ID_HEADER = new > StringGuacamoleProperty() { > + > + @Override > + public String getName() { return "http-session-id-header"; } > + > + }; > } > diff -Naur > guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java > > guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java > --- > guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java > 2019-06-24 07:13:11.000000000 +0800 > +++ > guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java > 2020-04-26 21:48:05.856231164 +0800 > @@ -20,6 +20,8 @@ > package org.apache.guacamole.auth.header.user; > > import com.google.inject.Inject; > +import java.util.Collections; > +import java.util.Map; > import org.apache.guacamole.net.auth.AbstractAuthenticatedUser; > import org.apache.guacamole.net.auth.AuthenticationProvider; > import org.apache.guacamole.net.auth.Credentials; > @@ -44,6 +46,11 @@ > private Credentials credentials; > > /** > + * Tokens associated with this authenticated user. > + */ > + private Map<String, String> tokens; > + > + /** > * Initializes this AuthenticatedUser using the given username and > * credentials. > * > @@ -53,8 +60,10 @@ > * @param credentials > * The credentials provided when this user was authenticated. > */ > - public void init(String username, Credentials credentials) { > + public void init(String username, Credentials credentials, > + Map<String, String> tokens) { > this.credentials = credentials; > + this.tokens = tokens; > setIdentifier(username.toLowerCase()); > } > ########## > > Thanks, > Yang > >> On Apr 23, 2020, at 03:36, Nick Couchman <[email protected] >> <mailto:[email protected]>> wrote: >> >> On Wed, Apr 22, 2020 at 5:46 AM Yang Yang <[email protected] >> <mailto:[email protected]>> wrote: >> Hi, >> >> I am looking to use the string in certain HTTP header as a session id, and >> name the record of the session. Is there any parameter token with HTTP >> header authentication extension I can use? If not, could you help to tell >> what I should do to customize the HTTP header authentication extension to >> work in this way? >> >> What I really want to achieve is have a unique id for each session record >> file that I can generate by myself. Do you have any other solution? >> >> >> The only thing that the header module currently passes through is the header >> that identifies the user. You could easily add another value to this by >> modifying the following code: >> >> https://github.com/apache/guacamole-client/blob/f2405d936379b62553c25cf13270587e0c9feff1/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java#L65-L86 >> >> <https://github.com/apache/guacamole-client/blob/f2405d936379b62553c25cf13270587e0c9feff1/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java#L65-L86> >> >> That is where the header module extracts the header and makes it available. >> You could tweak that code and have it look for another header of your >> specification that would be passed through, and make that available as a >> token. >> >> Alternatively, Guacamole also has the ${GUAC_DATE} and ${GUAC_TIME} tokens, >> so if you need to put together something that uniquely identifies the user >> (i.e. for recording purposes) you could use a combination of tokens, like: >> >> ${GUAC_USERNAME}-${GUAC_DATE}-${GUAC_TIME} >> >> -Nick >
